Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/2029a9-4396-4717-ab05-e24336ec8a08/1/ZiY2ltCBtALEYj2L80HrBY1atNI.roa
File:                     ZiY2ltCBtALEYj2L80HrBY1atNI.roa (raw, json)
Hash identifier:          r4AvWv8vnOF2W1jziJhJWuD4ZBM2XbmusVuYtPqhCJM=
Subject key identifier:   66:26:36:96:D0:81:B4:02:C4:62:3D:8B:F3:41:EB:05:8D:5A:B4:D2
Certificate issuer:       /CN=ed5293cd4a627a846aed60ca7fb5d5a9019aae51
Certificate serial:       018CC9BB97FB8400C0B94165A94FFD4BA9A0
Authority key identifier: ED:52:93:CD:4A:62:7A:84:6A:ED:60:CA:7F:B5:D5:A9:01:9A:AE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7VKTzUpieoRq7WDKf7XVqQGarlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/2029a9-4396-4717-ab05-e24336ec8a08/1/ZiY2ltCBtALEYj2L80HrBY1atNI.roa
Signing time:             Tue 02 Jan 2024 10:32:43 +0000
ROA not before:           Tue 02 Jan 2024 10:32:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        157.27.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/2029a9-4396-4717-ab05-e24336ec8a08/1/7VKTzUpieoRq7WDKf7XVqQGarlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/2029a9-4396-4717-ab05-e24336ec8a08/1/7VKTzUpieoRq7WDKf7XVqQGarlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7VKTzUpieoRq7WDKf7XVqQGarlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:97:fb:84:00:c0:b9:41:65:a9:4f:fd:4b:a9:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed5293cd4a627a846aed60ca7fb5d5a9019aae51
        Validity
            Not Before: Jan  2 10:32:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66263696d081b402c4623d8bf341eb058d5ab4d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:cd:22:9f:43:cd:a3:d8:43:bc:fa:05:5c:52:
                    6d:35:fc:c5:be:7a:49:bb:65:4b:f7:6e:db:06:39:
                    c4:94:31:7f:5c:bf:91:d3:dc:9d:d6:47:e7:f1:67:
                    14:1e:4c:c5:04:46:90:56:a4:40:4b:94:25:21:65:
                    2e:52:1f:c9:e3:99:7b:f4:b2:be:90:ed:0b:d7:55:
                    25:d9:2c:de:30:a0:28:57:91:70:da:a8:28:98:89:
                    c9:a0:b6:85:aa:68:e9:c7:71:f9:b2:e4:9c:9c:5f:
                    5a:04:6a:4c:d7:73:0f:b8:05:67:59:4e:e0:1c:8f:
                    d4:ec:06:38:c9:52:70:f6:ce:b8:58:f8:1e:59:30:
                    d3:9f:ca:81:39:29:59:61:8c:37:29:1f:dd:db:8a:
                    89:43:20:4b:9a:8d:f8:35:23:7f:46:6b:ac:45:e4:
                    c6:c1:21:1f:4c:97:d7:9e:29:31:96:6b:e2:91:d1:
                    71:f5:a6:26:40:85:55:25:24:ac:22:9a:30:f1:16:
                    8b:f2:49:42:f6:a7:ab:e6:9e:6d:b2:cd:5b:f8:d7:
                    9d:83:de:97:a2:d5:9d:e9:5d:0d:22:8a:f6:a3:a2:
                    2a:7c:d7:3d:9a:54:4d:a4:47:7a:4e:5a:b1:84:98:
                    0f:db:13:3d:9b:c9:d4:a2:fc:5e:16:d8:53:70:e5:
                    8b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:26:36:96:D0:81:B4:02:C4:62:3D:8B:F3:41:EB:05:8D:5A:B4:D2
            X509v3 Authority Key Identifier:
                keyid:ED:52:93:CD:4A:62:7A:84:6A:ED:60:CA:7F:B5:D5:A9:01:9A:AE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7VKTzUpieoRq7WDKf7XVqQGarlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2029a9-4396-4717-ab05-e24336ec8a08/1/ZiY2ltCBtALEYj2L80HrBY1atNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2029a9-4396-4717-ab05-e24336ec8a08/1/7VKTzUpieoRq7WDKf7XVqQGarlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.27.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a0:a5:1e:01:f5:fc:a5:30:12:f1:bb:06:9a:05:2e:8c:fc:13:
         4d:e6:a6:95:d3:f7:86:37:50:14:09:c9:01:99:7c:b5:9f:29:
         98:b9:f5:d1:7e:5f:34:42:09:0a:5b:ae:07:83:c1:08:d2:5c:
         08:ef:2d:53:d8:15:13:29:93:d8:72:0a:5f:d7:fa:46:16:a8:
         f1:bd:c1:95:c6:74:a5:07:cd:cd:34:4b:cd:41:c3:73:a9:1e:
         12:0e:04:b9:92:91:f3:ac:60:f4:2a:23:06:44:66:f4:cc:08:
         ae:db:36:f1:e2:45:c4:e2:68:81:ff:c8:cf:b5:a6:c7:ee:9f:
         46:02:48:d2:91:08:98:0d:11:2a:2e:f7:48:76:56:1d:ee:af:
         52:9c:fb:4b:15:95:3b:60:96:22:57:e7:9d:d0:6e:18:9d:9e:
         ec:76:2a:e3:1e:26:84:d2:e3:6f:91:9d:c1:a7:fe:3d:36:f8:
         3c:ab:14:1f:3d:89:81:7f:4d:10:d2:ef:54:70:23:e6:fe:3a:
         61:f5:68:4d:44:c6:65:9f:8c:11:45:0c:24:fc:d8:b2:04:5e:
         a2:74:71:a2:75:93:c2:a9:32:9f:b2:c7:39:1d:16:30:de:ef:
         e9:be:87:b0:5d:30:c2:b2:58:17:35:aa:9a:df:e7:bf:b9:3a:
         10:5b:c1:02
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzJu5f7hADAuUFlqU/9S6mgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNTI5M2NkNGE2MjdhODQ2YWVkNjBjYTdmYjVkNWE5MDE5
YWFlNTEwHhcNMjQwMTAyMTAzMjQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjI2MzY5NmQwODFiNDAyYzQ2MjNkOGJmMzQxZWIwNThkNWFiNGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6s0in0PNo9hDvPoFXFJtNfzFvnpJ
u2VL927bBjnElDF/XL+R09yd1kfn8WcUHkzFBEaQVqRAS5QlIWUuUh/J45l79LK+
kO0L11Ul2SzeMKAoV5Fw2qgomInJoLaFqmjpx3H5suScnF9aBGpM13MPuAVnWU7g
HI/U7AY4yVJw9s64WPgeWTDTn8qBOSlZYYw3KR/d24qJQyBLmo34NSN/RmusReTG
wSEfTJfXnikxlmvikdFx9aYmQIVVJSSsIpow8RaL8klC9qer5p5tss1b+Nedg96X
otWd6V0NIor2o6IqfNc9mlRNpEd6TlqxhJgP2xM9m8nUovxeFthTcOWLOQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGYmNpbQgbQCxGI9i/NB6wWNWrTSMB8GA1UdIwQY
MBaAFO1Sk81KYnqEau1gyn+11akBmq5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1ZLVHpVcGllb1JxN1dES2Y3WFZxUUdhcmxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8yMDI5YTktNDM5Ni00NzE3LWFiMDUt
ZTI0MzM2ZWM4YTA4LzEvWmlZMmx0Q0J0QUxFWWoyTDgwSHJCWTFhdE5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8yMDI5YTktNDM5Ni00NzE3LWFiMDUtZTI0MzM2ZWM4YTA4
LzEvN1ZLVHpVcGllb1JxN1dES2Y3WFZxUUdhcmxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAnRswDQYJ
KoZIhvcNAQELBQADggEBAKClHgH1/KUwEvG7BpoFLoz8E03mppXT94Y3UBQJyQGZ
fLWfKZi59dF+XzRCCQpbrgeDwQjSXAjvLVPYFRMpk9hyCl/X+kYWqPG9wZXGdKUH
zc00S81Bw3OpHhIOBLmSkfOsYPQqIwZEZvTMCK7bNvHiRcTiaIH/yM+1psfun0YC
SNKRCJgNESou90h2Vh3ur1Kc+0sVlTtgliJX553Qbhidnux2KuMeJoTS42+RncGn
/j02+DyrFB89iYF/TRDS71RwI+b+OmH1aE1ExmWfjBFFDCT82LIEXqJ0caJ1k8Kp
Mp+yxzkdFjDe7+m+h7BdMMKyWBc1qprf57+5OhBbwQI=
-----END CERTIFICATE-----